Comprehensive Authorization & Access Control Guide

A practitioner’s reference for Broken Access Control (OWASP A01) — the models, bug classes, bypass techniques, real-world chains, and detection/prevention patterns that matter in modern web and API testing. Compiled from 33 research sources.

Table of Contents: Fundamentals; Authorization Models; Attack Surface & Discovery; Vertical Privilege Escalation; Horizontal Privilege Escalation & IDOR/BOLA; Broken Function Level Authorization; URL, Method & Header Bypasses; Parameter & Keyword Bypasses; JWT & Token Claim Manipulation; OAuth Scope & Redirect Abuse; Multi-Tenant & Session Isolation Failures; Cloud & AI Agent Authorization; Real-World CVEs and Chains; Tools & Automation; Detection & Prevention; Testing Methodology; Quick Reference.

1. Fundamentals: Access control is the application of constraints on who or what is authorized to perform actions or access resources. It sits on top of two related primitives: ...

April 10, 2026 · 25 min · Carl Sampson

Comprehensive Mobile Application Security Guide

A practitioner’s reference for iOS and Android application security — threat models, platform attack surface, reverse engineering, runtime instrumentation, bypass techniques, testing methodology, and defensive controls. Compiled from 16 research sources.

Table of Contents: Fundamentals & Threat Model; OWASP MASVS & MASTG; Android Platform Attack Surface; iOS Platform Attack Surface; Insecure Storage; Network Communication & TLS; SSL / Certificate Pinning Bypass; Reverse Engineering Workflow; Runtime Instrumentation with Frida; Root & Jailbreak Detection Bypass; Deep Links & URL Schemes; WebView Security; Authentication, Biometrics & Session; Cryptography & Key Management; Resilience / Anti-Tamper / RASP; Tooling Reference; Testing Methodology; Notable CVEs & Real-World Incidents; Defensive Checklist.

1. Fundamentals & Threat Model: Mobile application security differs from traditional web security in three material ways. First, the attacker has the binary on their device and can take it apart at leisure — the app runs in a fundamentally hostile environment. Second, the OS provides strong sandboxing, code signing, and hardware-backed keystores that raise the bar but can be bypassed by a motivated attacker on a rooted or jailbroken device. Third, the attack surface spans the binary, the device, the local IPC boundary, the network, and the backend APIs — any of which can be the weak link. ...

April 10, 2026 · 30 min · Carl Sampson

Comprehensive Recon Guide

A practitioner’s reference for web reconnaissance — attack surface discovery, subdomain enumeration, live host probing, content discovery, JS mining, cloud asset hunting, automation, and continuous monitoring. Compiled from 23 research sources.

Table of Contents: Fundamentals; Scope & Target Profiling; Subdomain Enumeration; DNS Brute Force & Permutation; Live Host Discovery & HTTP Probing; Port Scanning; URL & Endpoint Crawling; JavaScript Analysis; Content & Directory Discovery; Parameter Discovery; Technology Fingerprinting; Cloud Asset Discovery; GitHub & Code Leak Hunting; ASN & Infrastructure Expansion; Wordlist Resources; Automation Pipelines; Continuous Monitoring; Real-World Recon Wins; Quick Reference.

1. Fundamentals: Recon is 80% of offensive security. The researchers who earn six figures aren’t running more tools than everyone else — they’re running them in smarter pipelines, feeding the output of one into the next, and manually reviewing the long tail that automation misses. Every hour spent deepening the asset inventory pays off when hunting begins: more subdomains means more parameters, more endpoints, more code paths, more chances for a bug nobody else has seen. ...

April 10, 2026 · 25 min · Carl Sampson

Comprehensive Bug Bounty Hunting Guide

A practitioner’s reference for modern bug bounty hunting — methodology, platforms, reconnaissance pipelines, vulnerability hunting, exploit chaining, report writing, and career strategy. Compiled from 97 research sources (the largest collection in the research library).

Table of Contents: Fundamentals & Mindset; Bug Bounty Platforms; Scope Analysis & Target Selection; The End-to-End Methodology; Reconnaissance Pipeline; Subdomain Enumeration Deep Dive; Asset Discovery & Attack Surface Mapping; JavaScript Analysis & Secret Hunting; Content Discovery & Fuzzing; Vulnerability Classes to Hunt; Business Logic & Chaining; Cloud, API & Web3 Attack Surfaces; AI / LLM Testing; Real-World Disclosed Writeups; Report Writing & Triage; Tools & Automation Stack; Income & Payout Strategies; Common Mistakes & Anti-Patterns; Learning Resources; Quick Reference Cheat Sheets.

1. Fundamentals & Mindset: Bug bounty hunting is the practice of finding and responsibly disclosing security vulnerabilities to organizations that reward researchers for their findings. Unlike traditional penetration testing, bug bounty is outcome-driven: no bug, no bounty. Payouts range from $50 nuisance bugs to $2M+ for critical cloud / crypto findings. ...

April 10, 2026 · 34 min · Carl Sampson

Comprehensive Burp Suite Guide

A practitioner’s reference for Burp Suite — core tools, essential extensions, Bambdas and BChecks, Collaborator, macros and session handling, custom extension development, Burp AI, and real-world testing workflows. Compiled from 69 research sources.

Table of Contents: Fundamentals; Proxy; Repeater; Intruder; Scanner; Comparer, Decoder, Sequencer; Collaborator (OAST); Macros & Session Handling; Target, Sitemap & Scope; Essential BApp Extensions; Turbo Intruder; Bambdas; BChecks; Writing Custom Extensions (Montoya API); Burp AI; Keyboard Shortcuts; Real-World Workflows; Troubleshooting & Tuning; Learning Resources.

1. Fundamentals: Burp Suite, from PortSwigger, is the de-facto web application security testing platform. It is an intercepting proxy with a rich toolbox for manual and semi-automated testing. Three editions ship today: ...

April 10, 2026 · 31 min · Carl Sampson